Commit Graph

2293 Commits

  • .NET: fix: filter filesystem checkpoint index by session (#6132)
    * fix: filter filesystem checkpoint index by session
    
    * fix: filter checkpoint index by parent
    
    * .NET: preserve legacy checkpoint index discovery
  • Python: Bug fix for declarative workflows (#6468)
    * Fix declarative object parsing bug
    
    * Remove unnecessary comment
    
    * Address PR comments
    
    * Address PR comments.
    
    * Fix CI failures.
  • Python: Integrate shell tool into harness agent (#6451)
    * Integrate shell tool into AgentHarness
    
    * Validate shell_executor exposes as_function() with a clear TypeError
    
    Addresses PR review feedback: a public factory should fail fast with an
    actionable error rather than a cryptic AttributeError when an incompatible
    shell_executor is supplied. Validation happens upfront, regardless of whether
    the client supports shell tools.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Type shell harness params via TYPE_CHECKING import
    
    Addresses PR review feedback: type shell_executor and
    shell_environment_provider_options instead of Any, using a TYPE_CHECKING
    import from agent_framework_tools.shell. The import never executes at
    runtime, so there is no circular dependency, and the lazy runtime import of
    ShellEnvironmentProvider is retained. Since ShellExecutor is a protocol
    without as_function(), the validated getattr result is invoked directly.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Fix CopySessionConfig() and CopyResumeSessionConfig() to preserve SessionConfig.Streaming value (#6463)
    * Fix CopySessionConfig and CopyResumeSessionConfig ignoring Streaming value (#4732)
    
    CopySessionConfig() and CopyResumeSessionConfig() hardcoded Streaming = true,
    ignoring the caller's explicitly set SessionConfig.Streaming value. This made it
    impossible to disable streaming when using AsAIAgent() with the GitHub Copilot SDK.
    
    Changed both methods to use source.Streaming ?? true (and source?.Streaming ?? true
    for the nullable overload), preserving the caller's value when set while maintaining
    backward compatibility by defaulting to true when unset.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix non-streaming response path for SessionConfig.Streaming=false (#4732)
    
    The config-copy fix (preserving Streaming=false via null-coalescing) was
    already in place, but ConvertToAgentResponseUpdate(AssistantMessageEvent)
    always emitted raw AIContent without text—assuming delta events had already
    delivered it. When streaming is disabled there are no delta events, so the
    assistant's final text was silently dropped.
    
    Changes:
    - Add isStreaming parameter to ConvertToAgentResponseUpdate for
      AssistantMessageEvent so it emits TextContent in non-streaming mode.
    - Capture the resolved streaming flag in RunCoreStreamingAsync and pass
      it through the event subscription closure.
    - Add/update unit tests for both streaming and non-streaming paths.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add test for null Data path in ConvertToAgentResponseUpdate (#4732)
    
    Add a regression test covering the null-propagation path where
    AssistantMessageEvent.Data is null. The production code already handles
    this via ?. operators, but no test previously verified the behavior.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Add tool approval middleware (#6414)
    * Add Python tool approval middleware
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix tool approval restored state handling
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Gate hidden approvals on explicit approval responses
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Handle string inputs in approval replay scan
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Cover argument-scoped approval rules
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Refine tool approval state and budgets
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix tool approval PR CI failures
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Revert DevUI Aspire README link change
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Align Foundry sample environment variables and credentials. (#6422)
    * dotnet: refresh Foundry sample guidance
    
    Carry forward the still-relevant sample guidance and Foundry-specific documentation fixes from the old stacked sample migration work, adapted to the current repo layout and policy.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * dotnet: rename Foundry sample env vars
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * dotnet: remove persistent provider sample
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * dotnet: drop SAMPLE_GUIDELINES.md from this PR
    
    Defer the guidelines doc and its cross-link to a follow-on PR to avoid broken-link failures in CI.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * dotnet: add DefaultAzureCredential warning to remaining samples
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * dotnet: address PR review feedback
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Fix AzureFunctions integration tests — set FUNCTIONS_WORKER_RUNTIME (#6425)
    Azure Functions Core Tools v4 can no longer auto-detect the worker
    runtime when local.settings.json is absent. Add the required
    FUNCTIONS_WORKER_RUNTIME=dotnet-isolated environment variable to
    both StartFunctionApp helpers and re-enable the skipped tests.
    
    Fixes: https://github.com/microsoft/agent-framework/issues/6402
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Add LoopAgent capability for Harnesses (#6384)
    * Add LoopAgent capability for Harnesses
    
    * Address PR comments.
    
    * Add support for returning user messages and response aggregation
    
    * Support fresh context per iteration with input sessions via cloning
    
    * Add ability to receive newly created sessions via callback
    
    * Address PR comments
    
    * Add judge criteria
    
    * Address PR comments
  • .NET: Adds Valkey to chat message history - issue 5445 (#5542)
    * Adds Valkey to chat message history
    
    * Address review: switch to Valkey.Glide, add options class, remove context provider
    
    - Switch from StackExchange.Redis to Valkey.Glide 1.1.0 (official Valkey .NET client)
    - Extract optional params into ValkeyChatHistoryProviderOptions
    - Add JsonSerializerOptions support, remove [RequiresUnreferencedCode]
    - Make MaxMessages/MaxMessagesToRetrieve readonly via options
    - Remove ValkeyContextProvider (overlaps with ChatHistoryMemoryProvider + MEVD)
    - Remove ValkeyProviderScope (only used by context provider)
    - Remove connection string constructors (caller manages IConnectionMultiplexer)
    - Update samples to use new API and gpt-5.4-mini
    
    * Use type-safe JsonSerializer overloads, remove suppress attributes
    
    Use JsonSerializerOptions.GetTypeInfo() for Serialize/Deserialize calls
    to enable NativeAOT/trimming compatibility without suppress attributes.
    Default to AgentAbstractionsJsonUtilities.DefaultOptions when no options provided.
    
    Signed-off-by: Matthias Howell <matthias.howell@improving.com>
    
    * Update READMEs: remove context provider references
    
    Remove ValkeyContextProvider and long-term memory references from sample
    READMEs since the context provider was removed from this PR. Simplify
    Valkey server requirements (no search module needed for chat history).
    
    Signed-off-by: Matthias Howell <matthias.howell@improving.com>
    
    * Apply suggestion from @westey-m
    
    * Fix formatting (dotnet format)
    
    Signed-off-by: Matthias Howell <matthias.howell@improving.com>
    
    * Update dotnet/src/Microsoft.Agents.AI.Valkey/Microsoft.Agents.AI.Valkey.csproj
    
    Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com>
    
    ---------
    
    Signed-off-by: Matthias Howell <matthias.howell@improving.com>
    Co-authored-by: Matthias Howell <matthias.howell@yoppworks.com>
    Co-authored-by: westey <164392973+westey-m@users.noreply.github.com>
    Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com>
  • Python: [Generated by SRE Agent] Fix MCP allowed_tools empty list handling (#6296)
    * Fix MCP allowed_tools empty list handling
    
    When allowed_tools is set to an empty list [], the falsy check
    'if not self.allowed_tools' incorrectly treats it as unconfigured
    (same as None), causing all tools to be exposed. Change to an
    explicit 'is None' check so that an empty list correctly results
    in no tools being allowed.
    
    Co-authored-by: Azure SRE Agent <noreply@microsoft.com>
    
    * Clarify allowed_tools docstring: None vs [] semantics
    
    Per Eduard's review on PR #6296: explicitly document that None exposes all tools and [] exposes none, across all four MCPTool / MCPStdioTool / MCPStreamableHTTPTool / MCPWebsocketTool docstrings.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * allowed_tools docstring: recommend load_tools=False for full disable
    
    Per Eduard's follow-up on PR #6296: `load_tools=False` is the cleaner idiom when you don't want to expose any tools. Reframe `allowed_tools=[]` in the docstring as a runtime guard / inspection-only path and cross-reference `load_tools`.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Azure SRE Agent <noreply@microsoft.com>
    Co-authored-by: Giles Odigwe <79032838+giles17@users.noreply.github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Bug fixes for declarative workflows (#6427)
    * declarative workflow approval flow fix
    
    * Update mcp handler cache construction
    
    * fix method argument.
    
    * Update dotnet/src/Microsoft.Agents.AI.Workflows.Declarative/ObjectModel/InvokeFunctionToolExecutor.cs
    
    Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
    
    * Fix identation
    
    ---------
    
    Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
  • .NET: Make GitHub.Copilot.SDK build targets reach transitive consumers (#6455) (#6457)
    * .NET: Make GitHub.Copilot.SDK build targets reach transitive consumers (#6455)
    
    Microsoft.Agents.AI.GitHub.Copilot now ships a buildTransitive/ bridge so
    consumers who only reference this package (the normal use case) get the
    GitHub.Copilot.SDK's CLI binary-download MSBuild targets executed at build
    time. Without this, the SDK shipped its targets under build/ which NuGet
    only auto-imports for projects with a direct PackageReference to the SDK,
    so consumers of the adapter package got only the managed .dll, no
    copilot.exe in their output, and a runtime InvalidOperationException on
    the first RunAsync.
    
    The bridge consists of two files under buildTransitive/:
    
    * Microsoft.Agents.AI.GitHub.Copilot.props is generated at this package's
      pack time and pins the SDK version (from PackageVersion items in
      Directory.Packages.props) into _MicrosoftAgentsAICopilotSdkVersion.
    
    * Microsoft.Agents.AI.GitHub.Copilot.targets is static and imports the
      SDK's own build/GitHub.Copilot.SDK.targets from the NuGet cache using
      the pinned version. The version-pin condition no-ops gracefully if the
      resolved SDK differs from what was baked in (e.g. consumer overrides
      the SDK version directly), so this is purely additive.
    
    Verified by packing locally, restoring from a flat local feed, and
    building a transitive-only consumer (PackageReference to MAF only, no
    direct SDK ref). copilot.exe lands at bin/{cfg}/{tfm}/runtimes/{rid}/
    native/copilot.exe as expected, matching the path the SDK's runtime
    CopilotClient looks at.
    
    Fixes #6455
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address Copilot review feedback (#6457)
    
    - buildTransitive/.targets: compute the full SDK targets path with a single
      Path.Combine call into one property (_MicrosoftAgentsAICopilotSdkTargetsPath),
      used in both Project= and Exists() — no more split between Path.Combine for
      the directory and inline / separator for the file name.
    
    - Split the version-defaulting Condition between the two files: the generated
      .props now just bakes the packaged SDK version into a dedicated property
      (_MicrosoftAgentsAICopilotSdkPackagedVersion), and the static .targets file
      is the single place that defaults _MicrosoftAgentsAICopilotSdkVersion to it.
      Removes the need for any MSBuild escape gymnastics in the pack-time string
      construction, and keeps the consumer override path the same.
    
    - _GenerateBuildTransitiveProps now hangs off public BeforeTargets (Build, Pack)
      in addition to _GetPackageFiles, so the file is generated even without a
      full pack, and we're not solely dependent on an underscore-prefixed internal
      target. The <None Pack=true /> items live in a top-level ItemGroup so they
      are collected at evaluation time instead of being added from inside the
      Target.
    
    End-to-end retested with a transitive-only consumer (PackageReference to MAF
    only, no direct GitHub.Copilot.SDK ref): copilot.exe lands at
    bin/Debug/net10.0/runtimes/win-x64/native/copilot.exe (141.8 MB) as before.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Tamir Dresher <tamirdresher@users.noreply.github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Hosted Agent Sample - Toolbox with various Auth (#5777) (#6018)
    * .NET: Add Hosted-Toolbox-AuthPaths sample and auto-map /readiness with toolbox health gating (#5777)
    
    Add a new hosted agent sample demonstrating five MCP tool authentication paths
    (API key, agent MI, project MI, custom OAuth, literal token) via a Foundry Toolbox.
    
    Package changes (Microsoft.Agents.AI.Foundry.Hosting):
    - MapFoundryResponses now auto-maps GET /readiness via MapHealthChecks, idempotent
      across Tier 1/2 (AgentHost, already mapped) and Tier 3 (WebApplication, gap filled).
    - AddFoundryResponses registers AddHealthChecks() so the pipeline is available.
    - AddFoundryToolboxes registers FoundryToolboxHealthCheck on the /readiness aggregate,
      gating readiness on pre-registered toolbox startup outcome (per spec section 3.1).
    - FoundryToolboxService now exposes StartupStatus and FailedToolboxNames properties.
    
    New types:
    - FoundryToolboxStartupStatus (public enum): Pending, Healthy, Failed, NoEndpoint.
    - FoundryToolboxHealthCheck (internal IHealthCheck): adapts startup status to the
      AspNetCore HealthChecks pipeline with failed toolbox names in result data.
    
    Tests:
    - 3 new tests for /readiness auto-mapping (Tier 3 default, pre-mapped skip, idempotent).
    - 4 new tests for FoundryToolboxHealthCheck (Pending, NoEndpoint, Failed, Healthy).
    - 3 enhanced FoundryToolboxServiceTests with StartupStatus assertions.
    
    * .NET: Align FoundryToolboxService with tools-integration-spec (#5777 Part A)
    
    Bring Microsoft.Agents.AI.Foundry.Hosting's toolbox path into compliance with
    tools-integration-spec.md sections 2-4, 6.3, and 9. Empirically validated
    against tao-foundry-prj: the previous code (reading FOUNDRY_AGENT_TOOLSET_ENDPOINT,
    which the platform never injects) silently registered zero tools in production.
    
    Package changes (Microsoft.Agents.AI.Foundry.Hosting):
    
    - FoundryToolboxService.StartAsync now derives the toolbox proxy base URL from
      the platform-injected FOUNDRY_PROJECT_ENDPOINT and constructs the per-toolbox
      URL as {FOUNDRY_PROJECT_ENDPOINT}/toolboxes/{name}/mcp?api-version={ApiVersion}
      per spec sections 2-3. The legacy FOUNDRY_AGENT_TOOLSET_ENDPOINT env var is
      removed outright (preview package, no production consumers).
    - FoundryToolboxOptions.ApiVersion default flipped to 'v1' to match spec example.
    - FoundryToolboxBearerTokenHandler always sends the mandatory
      Foundry-Features: Toolboxes=V1Preview header per spec section 2, merging any
      additional flags supplied via the FOUNDRY_AGENT_TOOLSET_FEATURES env var.
    - FoundryToolboxBearerTokenHandler token scope changed from
      https://cognitiveservices.azure.com/.default to https://ai.azure.com/.default
      per spec section 4.
    - FoundryToolboxBearerTokenHandler propagates W3C trace context (traceparent,
      tracestate, baggage) from Activity.Current per spec section 6.3.
    
    Sample changes:
    
    - Hosted-Toolbox-AuthPaths and Hosted-Toolbox Program.cs, README.md, and
      .env.example corrected to describe the actual env-var contract
      (FOUNDRY_PROJECT_ENDPOINT auto-injected; AZURE_AI_PROJECT_ENDPOINT as the
      local-dev fallback). Removes the misleading 'auto-injected by Foundry runtime'
      claims for FOUNDRY_AGENT_TOOLSET_ENDPOINT.
    - Hosted-Toolbox-AuthPaths/agent.manifest.yaml declares the toolbox and model
      dependencies under resources[] per the AgentManifest schema so azd ai agent
      init users get them provisioned automatically.
    
    Tests:
    
    - 4 new FoundryToolboxServiceTests covering env-var derivation, EndpointOverride
      precedence, trailing-slash normalization, and the existing NoEndpoint behavior
      under the new env var name.
    - 4 new FoundryToolboxBearerTokenHandlerTests covering token scope, mandatory
      feature header always present, header merging with override, no duplicate
      mandatory flag, trace context propagation from Activity.Current, and no
      override of caller-set traceparent.
    - New FoundryProjectEndpointEnvFixture xUnit collection definition serializes
      env-var-mutating tests across FoundryToolboxServiceTests and
      FoundryToolboxHealthCheckTests, preventing parallel-execution races.
    - FoundryToolboxHealthCheckTests adjusted for the new env var name.
    
    * .NET: Drop ACA prereq from Hosted-Toolbox-AuthPaths README (#5777 Part B)
    
    Empirically verified that any Azure Cognitive Services MCP endpoint already in
    the Foundry project (e.g., a Language service MCP) accepts Entra tokens and can
    serve Paths 2 and 3 without deploying a separate Azure MCP Server to ACA.
    
    README updates:
    - Step 0 rewritten: 'Identify an Entra-authenticated MCP target in your project'
      instead of 'Deploy Azure MCP Server to Azure Container Apps' (the original
      azmcp-foundry-aca-mi setup is now optional, not required).
    - Auth-paths matrix updated to describe AAD-based connections targeting a
      Cognitive Services MCP URL (e.g., Language service) instead of an ACA URL.
    - Step 2 connections table updated: the Entra ID category is now a single 'AAD'
      authType. The original 'Agent Identity' vs 'Project Managed Identity' as
      selectable connection sub-types is NOT exposed via the ARM control plane
      today; the platform selects the calling principal contextually. Both
      connections in the walkthrough share the same shape and target.
    - Added an explicit RBAC note: the agent identity AND project MI must hold the
      required role (typically Cognitive Services User) on the target resource;
      without it the MCP server returns HTTP 401 even though the connection wiring
      is correct.
    - Toolbox tool entries renamed lang_entra_agent / lang_entra_project to
      match the new connection names.
    
    Empirical validation supporting these changes is captured in the session
    plan.md (Part B addendum).
    
    * .NET: Document correct connection shape for Hosted-Toolbox-AuthPaths Paths 2/3 (#5777)
    
    Updates the sample README with the verified connection shape and RBAC procedure
    for Microsoft Entra agent-identity and project-managed-identity MCP authentication:
    
    - Connection authType values: AgenticIdentityToken (agent identity) and
      ProjectManagedIdentity (project MI), both with category=RemoteTool.
    - Top-level audience property required; for Cognitive Services targets the value
      is https://cognitiveservices.azure.com.
    - Connections created via ARM REST (the Foundry portal wizard does not yet
      expose these authTypes).
    - RBAC grants target the project's shared agent identity blueprint principal
      (project.properties.agentIdentity.agentIdentityId) for Path 2 and the
      project's system-assigned MI (project.identity.principalId) for Path 3.
    - Troubleshooting table updated with the audience-mismatch symptom and the
      startup-cache behavior of FoundryToolboxService.
    
    * .NET: Drop Path 3 (project MI) and align with new agent model in Hosted-Toolbox-AuthPaths (#5777)
    
    Updates the sample to use only the new Foundry agent object model and removes
    the project managed identity path:
    
    - Auth-path matrix reduced to four paths: key, Entra agent identity, custom
      OAuth, inline authorization. Project managed identity is moved into a note
      describing when it applies (multiple agents sharing access) rather than as
      a documented sample path.
    - RBAC instructions reference the agent's own instance_identity.principal_id
      from the agent ARM resource (new agent object model) instead of the
      project's shared agent identity blueprint (legacy model).
    - Step 2 (connections) creates only the AgenticIdentityToken connection.
    - Step 3 (toolbox tools) lists four tool entries instead of five.
    - Sample prompts and troubleshooting table updated to match.
    
    * .NET: Restore Path 3 (project MI) to Hosted-Toolbox-AuthPaths matrix (#5777)
    
    The sample's purpose is to enumerate every authentication path a Foundry toolbox
    can drive, not to pick one. Path 3 belongs alongside the other four with
    explicit guidance for when each path is the right choice.
    
    - Path 3 (project managed identity, authType=ProjectManagedIdentity) restored
      to the matrix with a 'When to pick this' column.
    - Step 2 (connections) provisions both lang-mcp-agent-id and lang-mcp-project-mi
      via ARM REST.
    - Step 3 (toolbox) lists five tool entries (one per path).
    - RBAC instructions cover both the agent's instance identity (Path 2) and the
      project's system-assigned MI (Path 3).
    - Sample prompts include all five paths.
    - Troubleshooting table updated accordingly.
    
    * .NET: Fix duplicate line in Hosted-Toolbox-AuthPaths README (#5777)
    
    * .NET: Fix broken markdown link to ToolCallingApprovalHostedAgentFixture (#5777)
    
    * .NET: Fix relative path depth in markdown link (#5777)
    
    * .NET: Address Copilot review feedback for #5777
    
    - FoundryToolboxHealthCheck description: rename FOUNDRY_AGENT_TOOLSET_ENDPOINT
      → FOUNDRY_PROJECT_ENDPOINT (stale reference; operator-facing in /readiness body).
    - FoundryToolboxStartupStatus.NoEndpoint XML doc: same rename.
    - ServiceCollectionExtensions XML docs: same rename + URL shape update.
    - Foundry.Hosting.IntegrationTests.TestContainer: remove explicit
      app.MapGet('/readiness') — now redundant + would conflict with the
      auto-mapped readiness route from MapFoundryResponses.
    - Hosted-Toolbox-AuthPaths agent.manifest.yaml: parameterize TOOLBOX_NAME via
      {{TOOLBOX_NAME}} template substitution and declare it under parameters with a
      default of 'auth-paths-toolbox' so the README's 'use any name' guidance
      actually works for hosted deployments.
    
    * .NET: Address Copilot review round 2 — fallback env + dedup + naming (#5777)
    
    - FoundryToolboxService.StartAsync: fall back to AZURE_AI_PROJECT_ENDPOINT when
      FOUNDRY_PROJECT_ENDPOINT is absent. Matches the local-dev convention used by
      the samples and resolves the doc/code mismatch flagged in review.
    - FoundryToolboxHealthCheck description updated for the fallback.
    - AddFoundryToolboxes: guard against duplicate health-check registration via an
      explicit name-uniqueness check on HealthCheckServiceOptions.Registrations.
      AddCheck<T>(name, ...) does not dedupe by name, so repeated AddFoundryToolboxes
      calls would have registered multiple instances.
    - FoundryToolboxOptions.EndpointOverride doc: clarify URL becomes
      {EndpointOverride}/toolboxes/{name}/mcp (was missing /toolboxes/ segment).
    - Hosted-Toolbox sample (Program.cs + README): switch FOUNDRY_TOOLBOX_NAME to
      TOOLBOX_NAME (the FOUNDRY_* prefix is reserved by the platform), default
      changed from 'my-toolset' to 'my-toolbox', terminology updated from 'Toolset'
      to 'Toolbox'.
    - FoundryToolboxServiceTests: 2 test renames to reflect what they actually
      assert (StartupStatus + FailedToolboxNames, not URL shape directly).
    - Tests adjusted to clear both env vars in NoEndpoint scenarios.
    
    * .NET: Fix stale NoEndpoint XML doc and misleading test comment (#5777)
    
    Update FoundryToolboxStartupStatus.NoEndpoint XML doc to mention both
    FOUNDRY_PROJECT_ENDPOINT and AZURE_AI_PROJECT_ENDPOINT (the service
    checks both since the fallback was added).
    
    Fix test comment that claimed URL derivation validation when the test
    only asserts on StartupStatus and FailedToolboxNames.
    
    * Remove OAuth consent path from AuthPaths sample, keep four working auth paths
    
    The interactive OAuth identity passthrough path needs a protocol gap closed in the
    hosting package (the proprietary oauth_consent_request item is not representable
    through the OpenAI/MEAI abstractions), so it is deferred to a separate spike branch.
    
    This strips the OAuth path from the AuthPaths sample, the companion REPL client, the
    agent manifest, and the docs, then renumbers the inline Authorization path so the
    sample teaches four contiguous paths: API key via connection, Entra agent identity,
    Entra project managed identity, and inline Authorization (anti-pattern).
    
    Package code is unchanged; the consent infrastructure already present in main stays
    as baseline. Both samples build with --warnaserror and all 246 hosting unit tests pass.
    
    * .NET: Drop project MI auth path and dedicated client from Hosted-Toolbox-AuthPaths (#5777)
    
    Live validation against tao-foundry-prj showed the ProjectManagedIdentity
    path failing with an unresolved token audience 401, so the sample now ships
    three working auth paths instead of four: connection key, agent managed
    identity, and inline Authorization.
    
    Changes:
    - Remove the project managed identity path from the AuthPaths sample matrix,
      prerequisites, connections, toolbox table, prompts, Program.cs instructions
      and agent.manifest.yaml.
    - Delete the near duplicate Hosted-Toolbox-AuthPaths-Client project and remove
      it from the solution. The README now drives the agent with the shared
      SimpleAgent REPL via AsAIAgent(agentEndpoint).
    - Correct the troubleshooting note: the Foundry toolbox tools/list is all or
      nothing, so one bad source returns -32007, fails startup, and returns 424
      for every path. Add the allowed_tools caveat that names must match the
      upstream server.
    - Mark the toolbox startup status and health check experimental under
      AgentsAIExperiments (MAAI001) instead of AIOpenAIResponses, and update the
      package NoWarn set accordingly.
    
    * .NET: Address PR review nits for Hosted-Toolbox-AuthPaths (#5777)
    
    - Remove duplicated NU1903 comment in Foundry.Hosting csproj.
    
    - Fix stale 'four-tool' cross-links in Hosted-Toolbox and Hosted-McpTools READMEs to describe the three-path toolbox driven by the shared SimpleAgent REPL.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * .NET: Address toolbox startup-status review feedback (#5777)
    
    - Rename FoundryToolboxStartupStatus.Failed to Unhealthy so it is the proper opposite of Healthy, and clarify the doc comment covers the partial-failure case.
    
    - Raise the missing-endpoint toolbox log from Information to Warning, since enabling toolboxes is an explicit opt-in and a silently disabled toolbox warrants a higher-severity signal.
    
    - Update unit tests and the AuthPaths README troubleshooting row accordingly.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * .NET: Reword toolbox-wiring comment to avoid hosting-layer internals (#5777)
    
    Address PR review feedback: explain how a Foundry Toolbox is attached using the public API (AddFoundryToolboxes vs the CreateHostedMcpToolbox marker) and observable behavior, instead of naming the internal AgentFrameworkResponseHandler type and FoundryToolboxService.Tools property.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Fix .NET Copilot integration tests for SDK v1.0.0 (#6424)
    * Fix .NET Copilot integration tests for SDK v1.0.0
    
    - Remove hard-skip in favor of runtime Assert.Skip when COPILOT_GITHUB_TOKEN is not set
    - Add [Trait("Category", "Integration")] for CI filtering
    - Fix FunctionTool test: use explicit SessionConfig with Tools, OnPermissionRequest, and SystemMessage
    - Mark RemoteMcp test as IntegrationDisabled (requires OAuth flow)
    - Create explicit sessions in all tests and delete after each (cleanup)
    - Remove unused System.Diagnostics import
    - Simplify SkipIfCopilotNotConfigured to only check env var
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review: use try/finally for session cleanup, IsNullOrWhiteSpace
    
    - Wrap act/assert in try/finally so sessions are always deleted even on failure
    - Use IsNullOrWhiteSpace instead of IsNullOrEmpty for token check
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add COPILOT_GITHUB_TOKEN to .NET integration test workflow
    
    The Copilot SDK runtime reads this env var directly for authentication.
    No Node.js/npm install needed - the SDK downloads the CLI binary at build time.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Update release version for 2026-06-10 release and switch GH.CP Agent to RC (#6454)
    * Update release version for 2026-06-10 release
    
    * Switch GitHub.Copilot to RC
  • Python: HarnessAgent: Disable compaction when max tokens not provided (#6410)
    * HarnessAgent: Disable compaction when max tokens not provided
    
    * Fix regression.
    
    * Address PR comments
    
    * Require max_output_tokens to be positive
    
    Reject max_output_tokens=0 (must be positive), mirroring
    max_context_window_tokens. Addresses PR review feedback.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Parse MCP CallToolResult.structuredContent field to prevent tool results returning None (#6421)
    * Parse structuredContent from MCP CallToolResult (#3313)
    
    The _parse_tool_result_from_mcp method only iterated over the content
    field from CallToolResult, ignoring the structuredContent field entirely.
    MCP servers that return JSON data via structuredContent (e.g., Power BI
    MCP) appeared to return None.
    
    Add handling for structuredContent: when present, serialize it as JSON
    text and append it to the result list. This preserves the data for the
    LLM while maintaining backward compatibility with existing behavior.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Parse MCP CallToolResult.structuredContent field to prevent tool results returning None
    
    Fixes #3313
    
    * Address review feedback: add default=str to json.dumps and remove .checkpoints/
    
    - Add default=str to json.dumps for structuredContent serialization so
      non-JSON-serializable values (e.g. bytes) degrade gracefully instead
      of raising TypeError
    - Remove all .checkpoints/ runtime artifacts from the repository
    - Add **/.checkpoints/ to .gitignore to prevent future accidental commits
    - Add test for non-serializable structuredContent values
    
    Fixes #3313
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback for #3313: Python: MCP CallToolResult.structuredContent field is not parsed, causing tool results to return None
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: [BREAKING] Add sampling guardrails to MCP tools (#6413)
    * Add sampling guardrails to MCP tools
    
    Add approval, token, and request-count controls to the MCP sampling
    callback used when an MCPTool is configured with a chat client.
    
    - Add `sampling_approval_callback`, `sampling_max_tokens`, and
      `sampling_max_requests` parameters to `MCPTool` and its
      `MCPStdioTool`, `MCPStreamableHTTPTool`, and `MCPWebsocketTool`
      subclasses, positioned directly after `client`.
    - Gate each server-initiated `sampling/createMessage` request behind the
      approval callback, which denies by default when no callback is provided.
    - Clamp the requested `maxTokens` to `sampling_max_tokens` and enforce a
      per-session request count via `sampling_max_requests`.
    - Log incoming sampling requests at WARNING level (counts only).
    - Export `SamplingApprovalCallback` from the public API.
    - Add tests, a sample, and documentation updates.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Make sampling denial message context-aware
    
    Distinguish the deny-by-default case (no approval callback configured)
    from an explicit denial by a configured `sampling_approval_callback`, so
    the returned ErrorData message is accurate for callback-driven denials
    and exceptions.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Bump Microsoft.Extensions.AI packages to 10.6.0, align transitive dependency floor, and update Merge Gatekeeper ignores (#6148)
    * Bump Microsoft.Extensions.AI packages to 10.6.0
    
    * Align transitive package versions for Microsoft.Extensions.AI 10.6.0
    
    * Ignore external review check in Merge Gatekeeper
    
    ---------
    
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com>
  • Python: bump package versions for 1.8.1 release (#6420)
    * Python: bump package versions for 1.8.1 release
    
    * Python: bump agent-framework-foundry-hosting for 1.8.1 release
    
    * Python: bump ag-ui and azurefunctions for 1.8.1 release
    
    * Remove incorrect agent-framework-foundry changelog entry for #6259
    
    * Add [1.8.1] changelog compare link and update [Unreleased] base
    
    ---------
    
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
  • .NET: Add Foundry Deployment docs to HA sample READMEs (#6365)
    * Add 'Deploying to Foundry (azd spec)' sections to all Foundry hosted agent samples
    
    This commit adds comprehensive deployment documentation to all 13 .NET Foundry hosted agent samples that were missing it. Each sample now includes:
    
    - Instructions to initialize an azd project from the sample's agent.manifest.yaml
    - Steps to deploy using 'azd deploy'
    - Example environment variable overrides for customization
    - Link to the official Foundry deployment guide
    
    Samples updated:
    - Hosted-LocalTools
    - Hosted-Files
    - Hosted-FoundryAgent
    - Hosted-McpTools
    - Hosted-Observability
    - Hosted-MemoryAgent
    - Hosted-TextRag
    - Hosted-ToolboxMcpSkills
    - Hosted-AzureSearchRag
    - Hosted-AgentSkills
    - Hosted-Workflow-Handoff
    - Hosted-Workflow-Simple
    - Hosted-Invocations-EchoAgent
    
    Each section includes the correct agent name from the sample's manifest and points to the correct GitHub URL for initializing the azd project.
    
    Fixes: https://github.com/microsoft/agent-framework/issues/6308
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Potential fix for pull request finding
    
    Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
    
    * docs(samples): fix Foundry hosted README consistency
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * docs(samples): address PR 6365 README review comments
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Ben Thomas <25218250+alliscode@users.noreply.github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
  • Purview: Parallelize PSPC cold-cache scope refresh (#5832)
    * Parallelize Purview PSPC cold cache path
    
    * Cache Purview payment-required state for scope refresh
    
    * Cache Purview payment-required state for scope refresh
    
    * Align Purview policy action dedupe and 402 caching
    
     Deduplicate combined policy actions by action and restriction action so restriction-only actions are preserved
    without duplicating identical entries. Cache tenant-level payment-required state from background scope refresh so
    subsequent calls short-circuit consistently.
    
    * .NET: Implement best-effort caching for background job scope retrieval and add unit tests for cache write failures
    
    * Purview - feat: Enhance ScopedContentProcessor to queue ContentActivityJob when no applicable scopes are found and update related tests
    
    * docs: Update purview package README and AGENTS documentation to reflect caching optimizations and policy enforcement scenarios
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Fix Magentic to share agent replies across team (#6222)
    * Fix Magentic to share agent replies across team
    
    The per-round instruction was sent untargeted (fan-out delivered it to
    every participant) and replies were never relayed, so a later speaker saw
    the prior speaker's instruction but not its response - inverted from
    GroupChatHost and the Python reference.
    
    - Target the instruction at the selected speaker only.
    - Broadcast each reply to the other participants (buffered, no TurnToken),
      excluding the responder via _currentSpeakerExecutorId, mirroring
      GroupChatHost.
    - Persist _currentSpeakerExecutorId across checkpoints.
    - Add a regression test.
    
    * Address review feedback: null-guard, explicit checkpoint key, drop vacuous assertion
    
    * Address review feedback: centralize checkpoint keys, clear current speaker
    
    - Move CurrentSpeakerStateKey into MagenticConstants as
      nameof(CurrentSpeakerStateKey)
    - Clear _currentSpeakerExecutorId in ResetAndReplanAsync and
      PrepareFinalAnswerAsync so a checkpoint taken in those windows does not
      persist a stale speaker
    - Add UTF-8 BOM to RecordingEchoAgent.cs to satisfy the format check.
  • Python: [Generated by SRE Agent] docs: clarify checkpoint storage security model and deserialization trust boundaries (#6295)
    * docs: clarify checkpoint storage security model and deserialization trust boundaries
    
    Add Security Model documentation sections to the checkpoint encoding and
    Azure Functions serialization modules explaining:
    - Checkpoint storage is a trusted data source requiring access controls
    - The RestrictedUnpickler allowlist is defense-in-depth, not a security boundary
    - Developer responsibilities for securing storage backends
    - Guidance on using allowed_types and strip_pickle_markers
    
    Co-authored-by: Azure SRE Agent <noreply@microsoft.com>
    
    * Apply suggestions from code review
    
    Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Azure SRE Agent <noreply@microsoft.com>
    Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
  • Python: fix: use getattr for non-OpenAI provider response compatibility (#6270)
    * fix: use getattr for non-OpenAI provider response compatibility
    
    Fixes #6234
    Fixes #6235
    
    Use getattr with None fallback for system_fingerprint and output
    attributes to prevent AttributeError when non-OpenAI providers
    return response objects without these fields.
    
    * fix: use typed variable for response output to satisfy pyright
    
    Fixes #6235
    
    Use getattr with None fallback for the output attribute, and assign
    to a typed list variable before the match statement to help pyright
    narrow the response item types correctly.
    
    * fix: rename response_outputs to avoid name collision with case-block variable
    
    Fixes #6235
    
    Rename outputs to response_outputs on line 1974 to avoid mypy error
    about conflicting variable names in the match statement's case blocks.
    Also use list[Any] for explicit generic type annotation.
    
    * fix: use cast(list[Any]) for response output to satisfy pyright
    
    Fixes #6235
    
    The getattr() call returns Unknown type which pyright cannot narrow
    in the match statement. Use an explicit cast to list[Any].
    
    * fix: use hasattr guard instead of getattr for response.output
    
    Fixes #6235
    
    Using hasattr(response, 'output') and then accessing response.output
    directly gives pyright enough type information to verify the match
    statement exhaustiveness. This avoids the cast(list[Any]) approach
    which pyright still flagged as partially unknown.
    
    * fix: use ternary operator for response_outputs assignment
    
    Replace if-else block with ternary expression to satisfy ruff SIM108 lint rule.
    This fixes the Package Checks (3.11) CI failure.
    
    * fix: use ternary with cast for ruff SIM108 and pyright type safety
    
    Replace if-else block with ternary expression using cast(list[Any], ...)
    to satisfy:
    - ruff SIM108 (use ternary instead of if-else)
    - ruff E501 (line length < 120)
    - pyright type narrowing (cast preserves type info lost in ternary)
    
    All local checks pass: ruff check, ruff format, pyright, 298 tests.
    
    * fix: replace hasattr+cast with try/except to preserve pyright types
    
    ---------
    
    Co-authored-by: Tao Chen <taochen@microsoft.com>
  • .NET: Remove required token params from HarnessAgent, make compaction opt-in (#6409)
    * Move token params from HarnessAgent constructor to options
    
    Remove the required maxContextWindowTokens and maxOutputTokens
    constructor parameters from HarnessAgent and AsHarnessAgent, replacing
    them with optional MaxContextWindowTokens and MaxOutputTokens properties
    on HarnessAgentOptions.
    
    When both values are provided, compaction is enabled as before (in-loop
    CompactionProvider and chat reducer on the default InMemoryChatHistory
    Provider). When either is null, compaction is disabled entirely, making
    it opt-in.
    
    New constructor: HarnessAgent(IChatClient, HarnessAgentOptions?,
    ILoggerFactory?, IServiceProvider?)
    
    Closes #6333
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Improving comments.
    
    * feat: Add custom CompactionStrategy and DisableCompaction to HarnessAgentOptions
    
    Allow users to provide their own CompactionStrategy via options, with
    a clear priority system:
    1. DisableCompaction=true: no compaction regardless of other settings
    2. Custom CompactionStrategy provided: use it (token params ignored)
    3. Both MaxContextWindowTokens and MaxOutputTokens set: default strategy
    4. Otherwise: no compaction
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix: Address PR review comments on compaction opt-in
    
    - Update chatClient param XML doc to reflect compaction is opt-in
    - Strengthen compaction tests to assert ChatReducer is null/not-null
      rather than just asserting construction succeeds
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Add Reasoning to ChatClientAgent ChatOptions merging (#5463)
    * Add reasoning option to request chat options in ChatClientAgent
    
    * Add tests for ChatOptions reasoning merging in ChatClientAgent
    
    ---------
    
    Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com>
  • Python: Add Foundry Toolbox MCP skills hosted agent sample (#6363)
    * Add 12_foundry_toolbox_mcp_skills hosted agent sample
    
    Demonstrates using MCPSkillsSource with a Foundry Toolbox MCP endpoint
    to discover and serve skills via SkillsProvider (progressive disclosure).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix env var reference in README and reuse local var in main.py
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Potential fix for pull request finding
    
    Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
    
    * Require AZURE_AI_MODEL_DEPLOYMENT_NAME and use placeholder in .env.example
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Document Toolbox MCP skills vs Foundry Skills in sample README
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Reference 12_foundry_toolbox_mcp_skills in parent README
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: SergeyMenshykh <SergeMenshikh@outlook.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
  • Python: Filter MCP tool kwargs to declared params via allowlist (#6399)
    * Filter MCP tool kwargs to declared params via allowlist
    
    Previously MCPTool combined framework runtime kwargs (from
    FunctionInvocationContext.kwargs) with the LLM-supplied arguments and
    stripped only a hardcoded denylist of known framework keys before
    forwarding to the MCP server. Any new framework-injected kwarg leaked to
    the server unless the denylist was updated.
    
    Switch to an allowlist built from each tool's declared parameters
    (inputSchema.properties). Only declared params are forwarded; everything
    else is stripped. Add an `additional_tool_argument_names` constructor
    argument so users can opt extra names back in, globally (Sequence[str])
    and/or per remote tool name (Mapping with reserved "*" global key). The
    existing denylist is kept as a safety net for framework-named params a
    server declares in its schema; explicitly opted-in extras always win. The
    reserved _meta handling is unchanged.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address MCP allowlist review comments and fix reload arg loss
    
    - Fix pyright reportUnknownArgumentType in _load_tools (cast schema properties).
    - Register declared param names before the existing-tool skip guard so that
      tool-list reloads preserve the allowlist for already-loaded tools (previously
      unchanged tools silently dropped all declared args after a background reload).
    - Handle bare-string values in an additional_tool_argument_names mapping instead
      of iterating their characters.
    - Clarify the framework denylist comment: explicit extras override the denylist.
    - Make the extras-override-denylist test unambiguous (opt in a denylisted name).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: fix: preserve AG-UI session history (#5904)
    * fix: preserve AG-UI session history
    
    * refactor: use static AG-UI provider check
  • Python: feat(claude): bump claude-agent-sdk to 0.2.87 (#6248)
    * feat(claude): bump claude-agent-sdk to 0.2.87
    
    Upgrade claude-agent-sdk dependency from >=0.1.36,<0.1.49 to >=0.2.87,<0.3.
    
    Changes:
    - Bump version pin in pyproject.toml
    - Add 'xhigh' effort level to ClaudeAgentOptions (Opus 4.7 specific)
    - Expose new upstream SDK options: skills, session_id, task_budget,
      include_hook_events, strict_mcp_config, continue_conversation,
      fork_session
    - Add TaskBudget type import
    - Update uv.lock
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * chore: lower claude-agent-sdk floor to >=0.1.36
    
    Keep the lower bound at 0.1.36 since the 0.1→0.2 transition was additive
    and our code works on older versions as long as new options aren't used.
    This avoids forcing unnecessary upgrades on existing users.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix: replace TaskBudget import with inline type for SDK compat
    
    TaskBudget was added in claude-agent-sdk 0.2.93 but does not exist in
    0.2.87. Use dict[str, int] inline type instead so type checking passes
    against 0.2.87. Lock file pinned to 0.2.87.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Harness console for python (#6312)
    * Add initial harness console for python
    
    * Add textual to project
    
    * Add planning and approval flows with list selector
    
    * Address PR comments
    
    * Fix list selection bug
    
    * Fix PR #6312 round 2 review comments
    
    - Escape untrusted agent text with rich.markup.escape() in observers
      (text_output, planning_output, reasoning_display) to prevent markup injection
    - Remove non-functional 'Always approve' choices from tool_approval.py
      (framework lacks CreateAlwaysApproveToolResponse support)
    - Remove textual from root pyproject.toml dev deps (sample-specific)
    - Add PEP 723 inline script metadata to harness_research.py
    - Narrow except Exception to except NoMatches in list_selection.py
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix build error
    
    * Fix build errors
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix per-service-call history persistence with server-storing clients (#6310)
    * Fix per-service-call history persistence with server-storing clients
    
    When an Agent set require_per_service_call_history_persistence=True together
    with a HistoryProvider, and the chat client stored history server-side by
    default (e.g. OpenAIChatClient, STORES_BY_DEFAULT=True), the external history
    provider was silently never persisted.
    
    Unify persistence on the per-service-call middleware: when the flag is set and
    a HistoryProvider exists, the middleware is always installed and owns
    persistence. service_stores_history now only selects middleware behavior:
    - service does not store: load providers and drive the function loop with a
      local sentinel conversation id, or
    - service stores: skip loading (the service owns history) and persist each
      service call while the real conversation id flows through.
    
    Also rationalize chat-options handling in _prepare_run_context:
    - _merge_options now skips None overrides and strips remaining None values, so
      an unset `store` is never forwarded and the service decides its own default.
    - Resolve `store` and `conversation_id` once from a single combined view
      (effective_options) instead of probing both default and runtime dicts; the
      auto-injection and per-service-call resolution now agree on conversation_id.
    
    Fixes #5798
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Correct as_agent() docstring: persistence is per service call, not once per run
    
    Address PR review: when the client stores history server-side, the
    per-service-call middleware still persists after each model call; only
    provider loading is skipped. The previous "persist once per run()" wording
    contradicted the implementation.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review: docs, missing-conversation-id warning, and tests
    
    - Clarify that require_per_service_call_history_persistence is a no-op when no
      HistoryProvider is present (docstrings in _agents.py and _clients.py).
    - Warn on every service call when the client stores history server-side but
      returns no conversation_id, so the (uncommon) loss of cross-turn resumability
      cannot fail silently.
    - Add tests: storing client + existing conversation_id does not raise and the id
      propagates; two runs on the same session keep persisting with a stable
      service_session_id and no provider loading; storing-without-conversation-id
      warns per call.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: [BREAKING] Migrate .NET GitHub Copilot SDK to v1.0.0 (#6381)
    * Migrate .NET GitHub Copilot SDK from 1.0.0-beta.2 to 1.0.0
    
    - Update namespace from GitHub.Copilot.SDK to GitHub.Copilot
    - Replace PermissionRequestResult/PermissionRequestResultKind with PermissionDecision
    - Remove ConnectionState check (StartAsync is now idempotent)
    - Rename ConfigDir to ConfigDirectory
    - Use SessionConfig.Clone() for CopySessionConfig
    - Update Tools type from List<AIFunction> to List<AIFunctionDeclaration>
    - Rename UserMessageAttachmentFile to AttachmentFile
    - Update usage data types (CacheWriteTokens: long, Duration: TimeSpan)
    - Add GHCP001 NoWarn for experimental SDK APIs (matches framework convention)
    - Specify type argument on CopilotSession.On<SessionEvent>()
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix formatting: remove unused using directive
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Skip AzureFunctions SamplesValidation tests pending func tools fix
    
    Azure Functions Core Tools v4 can no longer auto-detect the worker
    runtime in CI (local.settings.json is gitignored). All 7 active
    SamplesValidation tests fail with 'Worker runtime cannot be None'.
    
    Tracked by: https://github.com/microsoft/agent-framework/issues/6402
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Skip additional failing integration tests in CI
    
    WorkflowSamplesValidation (5 tests): same func tools issue as #6402.
    WorkflowConsoleAppSamplesValidation (4 tests): KeyNotFoundException
    during workflow execution, tracked by #6404.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Add approval bypassing to harness as the default (#6387)
    * Add approval bypassing to harness as a default
    
    * Add tests
    
    * Address PR comments.
  • .NET: [BREAKING] Fix hosting bugs (#6388)
    * Fix hosting bugs
    
    * Address PR comments